This is an automated email from the ASF dual-hosted git repository. samt pushed a commit to branch cassandra-5.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit 217490bdd8dbbfd51a23f60d522a3fdee3638b39 Merge: ba73f7ce34 d14d16926e Author: Sam Tunnicliffe <[email protected]> AuthorDate: Fri Jan 17 09:09:15 2025 +0000 Merge branch 'cassandra-4.1' into cassandra-5.0 CHANGES.txt | 3 + src/java/org/apache/cassandra/auth/Permission.java | 7 ++ src/java/org/apache/cassandra/auth/Resources.java | 28 ++++- .../cql3/statements/GrantPermissionsStatement.java | 21 ++++ .../apache/cassandra/schema/SchemaConstants.java | 10 ++ .../org/apache/cassandra/service/ClientState.java | 60 ++++++++-- .../apache/cassandra/auth/GrantAndRevokeTest.java | 127 ++++++++++++++++++++- test/unit/org/apache/cassandra/cql3/CQLTester.java | 8 ++ .../apache/cassandra/service/ClientStateTest.java | 4 +- 9 files changed, 248 insertions(+), 20 deletions(-) diff --cc CHANGES.txt index af417d3fee,17f31338ae..feae546032 --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -22,17 -15,6 +22,20 @@@ Merged from 4.0 * Fix CQL in snapshot's schema which did not contained UDTs used as reverse clustering columns (CASSANDRA-20036) * Add configurable batchlog endpoint strategies: random_remote, prefer_local, dynamic_remote, and dynamic (CASSANDRA-18120) * Fix bash-completion for debian distro (CASSANDRA-19999) ++Merged from 3.0 ++ * Tighten up permissions on system keyspaces (CASSANDRA-20090) ++ * Fix incorrect column identifier bytes problem when renaming a column (CASSANDRA-18956) + + +5.0.2 + * Use SinglePartitionReadCommand for index queries that use strict filtering (CASSANDRA-19968) + * Always write local expiration time as an int to LivenessInfo digest (CASSANDRA-19989) + * Enables IAuthenticator's to return own AuthenticateMessage (CASSANDRA-19984) + * Use ParameterizedClass for all auth-related implementations (CASSANDRA-19946) + * Correct out-of-date metrics and configuration documentation for SAI (CASSANDRA-19898) +Merged from 4.1: + * Fix race condition in DecayingEstimatedHistogramReservoir during rescale (CASSANDRA-19365) +Merged from 4.0: * Ensure thread-safety for CommitLogArchiver in CommitLog (CASSANDRA-19960) * Fix text containing "/*" being interpreted as multiline comment in cqlsh (CASSANDRA-17667) * Fix indexing of a frozen collection that is the clustering key and reversed (CASSANDRA-19889) diff --cc src/java/org/apache/cassandra/auth/Permission.java index d6025a068f,11c7aeb05b..3a621e7ee5 --- a/src/java/org/apache/cassandra/auth/Permission.java +++ b/src/java/org/apache/cassandra/auth/Permission.java @@@ -56,13 -61,16 +56,20 @@@ public enum Permissio DESCRIBE, // required on the root-level RoleResource to list all Roles // UDF permissions - EXECUTE; // required to invoke any user defined function or aggregate + EXECUTE, // required to invoke any user defined function or aggregate + + UNMASK, // required to see masked data + + SELECT_MASKED; // required for SELECT on a table with restictions on masked columns public static final Set<Permission> ALL = - Sets.immutableEnumSet(EnumSet.range(Permission.CREATE, Permission.EXECUTE)); + Sets.immutableEnumSet(EnumSet.range(Permission.CREATE, Permission.SELECT_MASKED)); public static final Set<Permission> NONE = ImmutableSet.of(); + + /** + * Set of Permissions which may never be granted on any system keyspace, or table in a system keyspace, to any role. + * (Only SELECT, DESCRIBE and ALTER may ever be granted). + */ + public static final Set<Permission> INVALID_FOR_SYSTEM_KEYSPACES = + Sets.immutableEnumSet(EnumSet.complementOf(EnumSet.of(Permission.SELECT, Permission.DESCRIBE, Permission.ALTER))); } diff --cc src/java/org/apache/cassandra/auth/Resources.java index 75353ee90c,2863710632..4df2ee50cf --- a/src/java/org/apache/cassandra/auth/Resources.java +++ b/src/java/org/apache/cassandra/auth/Resources.java @@@ -19,7 -19,10 +19,8 @@@ package org.apache.cassandra.auth import java.util.ArrayList; import java.util.List; + import java.util.function.Predicate; -import org.apache.cassandra.utils.Hex; - public final class Resources { /** diff --cc test/unit/org/apache/cassandra/cql3/CQLTester.java index 6eade9333e,c20a0cea2a..b28e58be59 --- a/test/unit/org/apache/cassandra/cql3/CQLTester.java +++ b/test/unit/org/apache/cassandra/cql3/CQLTester.java @@@ -103,52 -69,14 +103,53 @@@ import org.apache.cassandra.auth.AuthTe import org.apache.cassandra.auth.IRoleManager; import org.apache.cassandra.concurrent.ScheduledExecutors; import org.apache.cassandra.concurrent.Stage; +import org.apache.cassandra.config.CassandraRelevantProperties; import org.apache.cassandra.config.DataStorageSpec; +import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.config.EncryptionOptions; +import org.apache.cassandra.cql3.functions.FunctionName; +import org.apache.cassandra.cql3.functions.types.ParseUtils; +import org.apache.cassandra.db.ColumnFamilyStore; + import org.apache.cassandra.db.ConsistencyLevel; +import org.apache.cassandra.db.Directories; +import org.apache.cassandra.db.Keyspace; +import org.apache.cassandra.db.SystemKeyspace; +import org.apache.cassandra.db.marshal.AbstractType; +import org.apache.cassandra.db.marshal.BooleanType; +import org.apache.cassandra.db.marshal.ByteBufferAccessor; +import org.apache.cassandra.db.marshal.ByteType; +import org.apache.cassandra.db.marshal.BytesType; +import org.apache.cassandra.db.marshal.CollectionType; +import org.apache.cassandra.db.marshal.DecimalType; +import org.apache.cassandra.db.marshal.DoubleType; +import org.apache.cassandra.db.marshal.DurationType; +import org.apache.cassandra.db.marshal.FloatType; +import org.apache.cassandra.db.marshal.InetAddressType; +import org.apache.cassandra.db.marshal.Int32Type; +import org.apache.cassandra.db.marshal.IntegerType; +import org.apache.cassandra.db.marshal.ListType; +import org.apache.cassandra.db.marshal.LongType; +import org.apache.cassandra.db.marshal.MapType; +import org.apache.cassandra.db.marshal.SetType; +import org.apache.cassandra.db.marshal.ShortType; +import org.apache.cassandra.db.marshal.TimeUUIDType; +import org.apache.cassandra.db.marshal.TimestampType; +import org.apache.cassandra.db.marshal.TupleType; +import org.apache.cassandra.db.marshal.UTF8Type; +import org.apache.cassandra.db.marshal.UUIDType; +import org.apache.cassandra.db.marshal.VectorType; import org.apache.cassandra.db.virtual.VirtualKeyspaceRegistry; import org.apache.cassandra.db.virtual.VirtualSchemaKeyspace; +import org.apache.cassandra.dht.Murmur3Partitioner; +import org.apache.cassandra.exceptions.ConfigurationException; import org.apache.cassandra.exceptions.InvalidRequestException; +import org.apache.cassandra.exceptions.SyntaxException; +import org.apache.cassandra.index.Index; import org.apache.cassandra.index.SecondaryIndexManager; +import org.apache.cassandra.io.filesystem.ListenableFileSystem; import org.apache.cassandra.io.util.File; +import org.apache.cassandra.io.util.FileSystems; +import org.apache.cassandra.io.util.FileUtils; import org.apache.cassandra.locator.InetAddressAndPort; import org.apache.cassandra.locator.TokenMetadata; import org.apache.cassandra.metrics.CassandraMetricsRegistry; @@@ -1511,7 -1259,14 +1512,14 @@@ public abstract class CQLTeste return Schema.instance.getTableMetadata(KEYSPACE, currentTable()); } - protected com.datastax.driver.core.ResultSet executeNet(ProtocolVersion protocolVersion, ConsistencyLevel consistency, String query) throws Throwable ++ protected com.datastax.driver.core.ResultSet executeNet(ProtocolVersion protocolVersion, ConsistencyLevel consistency, String query) + { + Statement statement = new SimpleStatement(formatQuery(query)); + statement = statement.setConsistencyLevel(com.datastax.driver.core.ConsistencyLevel.valueOf(consistency.name())); + return sessionNet(protocolVersion).execute(statement); + } + - protected com.datastax.driver.core.ResultSet executeNet(ProtocolVersion protocolVersion, String query, Object... values) throws Throwable + protected com.datastax.driver.core.ResultSet executeNet(ProtocolVersion protocolVersion, String query, Object... values) { return sessionNet(protocolVersion).execute(formatQuery(query), values); } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
